Massive increase in fraud attacks on TSB customers during IT meltdown

There was a massive spike in attempts by fraudsters to steal from TSB customers when the bank’s IT systems failed in 2018

There was a massive increase in fraudulent cyber attacks during TSB’s IT migration disaster, which was out of control, according to a major investigation report.

Opportunistic fraudsters stepped up their attempts to trick TSB customers into divulging account details during the bank’s botched IT migration, which started in April 2018.

According to a report by law firm Slaughter and May, which investigated the disaster, these fraud attempts were 70 times higher than normal levels at one point during the crash.

The problems began during the migration of five million customers from Lloyds Banking Group systems, where they were hosted, to a new core banking platform, known as Proteo4UK.

Many customers were locked out of their accounts, some saw money disappearing from accounts, and others were even able to see other people’s accounts.

The report said that TSB’s CIO at the time stated that the scale of the attacks “exceeded by far the ability to serve customers affected by fraud”.

The Slaughter and May report did not look into the causes of the fraud because it was not “within the scope of its review”, but it referenced a report by TSB’s CIO that stated “the public nature of the issues suffered by TSB customers led to a massive fraud attack”.

From Monday 30 April 2018, customers began to experience an increase in opportunistic fraud attacks. These peaked on 15 May, when they were approximately 70 times higher than usual, the report said.

In June last year, following a Computer Weekly request, mobile software security company Wandera, which monitors and blocks global mobile threats, found the number of phishing attacks targeting TSB customers leapt by 843% in May compared with April as fraudsters took advantage of the bank’s IT meltdown. Fraudsters were using TSB-themed phishing emails to trick customers desperate to access their accounts into giving personal information.

Wandera’s investigation revealed that in May 2018, TSB was the second most used bank brand by scammers attempting to obtain customer details.

In April, TSB did not even appear in the top five. “TSB appeared in the top five financial services apps to be impersonated for attacks for the first time this year, showing that TSB was not a high priority for phishing prior to this incident,” said Wandera.

The IT problems cost the bank hundreds of millions of pounds in compensating customers, additional resources for advisory services from companies such as IBM and Deloitte, fraud and forgone income.

The investigation, and the 262-page report that followed, are said to have cost £25m. The bank’s former CEO, Paul Pester, stepped down in September last year after seven years in the role.

Proteo4UK is a UK-specific version of an existing core banking system used by TSB parent Sabadell. When Sabadell acquired TSB in 2015, it said it would move customers to a new banking platform, and TSB said this would cut its costs by £160m a year. It had previously paid Lloyds Banking Group, its previous owner, several hundred million pounds a year for a service.

At the time, TSB chairman Richard Meddings said: “Although there is more to do to achieve full stability for customers, the bank’s IT systems and services are much improved since the IT migration. Paul and the board have therefore agreed that this is the right time to appoint a new CEO for TSB.”

Debbie Crosbie, previously chief operating officer at Clydesdale Bank, Yorkshire Bank and Virgin Money owner CYBG, is the new CEO at TSB.
